A cybercrime gang responsible for the Oakland ransomware attack has published the second batch of the leaked data to the dark web.
Play ransomware gang, the hacking group responsible for the ransomware attack in February 2023, had previously leaked 10 GB in March 2023.
According to the City of Oakland, the stolen data includes personal information of current and former city employees and a subset of residents’ data.
Oakland confirms another leak from the February ransomware attack
The City of Oakland discovered that the threat actor responsible for the February ransomware attack had leaked more data to the dark web.
Describing the exposure as “recent,” Oakland City officials did not say when the leaked data was published or the ransom amount demanded. Additionally, the city did not disclose the size of the leaked data, but sources estimated it was around 600 GB.
Meanwhile, the city launched an investigation with third-party specialists and law enforcement and promised to notify impacted individuals under the applicable law.
Additionally, the city determined that the second leak did not involve further compromise to its systems.
In March, LockBit ransomware claimed it had breached the City of Oakland and promised to publish stolen data in 19 days, which coincides with the recent leak.
However, Oakland denied suffering a second security breach and attributed the new leak to the “same unauthorized third party” responsible for the February ransomware attack.
“We are aware that another unauthorized actor claims to have access to data removed from the City of Oakland’s systems. Based on our investigation so far, we have no indication there was additional unauthorized access of our systems.”
Back in February, Oakland City pulled its systems offline and declared a state of emergency after detecting the Play ransomware attack. The shutdown disrupted many non-emergency services, preventing residents from filing police reports or paying city taxes.
According to the city, the recently leaked data belonged to employees on the city’s payroll between 2010 and 2022. However, the city did not disclose the details exposed, but previously leaked data included the victims’ Social Security numbers, driver’s license numbers, dates of birth, and home addresses.
Oakland City Mayor Sheng Thao had promised that her administration would support the data breach victims and strengthen the security of the city’s information systems. Part of the support package included months of complimentary identity theft protection with Experian.
Meanwhile, the city is still recovering from the effects of the ransomware attack, nearly two months after the ransomware attack was reported.
The City of Oakland hit with a lawsuit over leaked data
The City of Oakland faces legal action from a police union that demands $25,000 in compensation per police officer. The 700-member Oakland Police Officers’ Association (OPOA) accuses the city of failing to implement “reasonable, industry-standard security protocols,” resulting in the compromise of sensitive information.
According to the union President Barry Donelan, the city broke its employees’ trust by leaking the data through alleged “incompetence and negligence.”
OPOA claims the City of Oakland was warned about significant cybersecurity deficiencies before the breach.
The previous data leak included documents alleging police misconduct, which the union could consider damaging to its members.
Faced with another challenge and given its initial refusal to pay, it is highly unlikely that the city will pay the ransom now after the data was leaked.
“The city of Oakland is continuing to face ongoing impacts from the initial attack that has resulted in rippling effects,” said Mark Shainman, Senior Director of Data Governance Products at Securiti. “The exposure of stolen documents from the city’s police department, network outages, and ransom demands are among the major problems. This chain of attacks against the city underscores the importance of implementing proper security and privacy measures, especially after already suffering another attack.”